diff options
| author | rvelices <rv-github@modusoptimus.com> | 2011-09-08 18:47:30 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2011-09-08 18:47:30 +0000 |
| commit | bfd6bc92ddb21bb2a743dc701142b840575caf47 (patch) | |
| tree | 232174f7a1fa3350f2b216aee5d44a73d22ca600 | |
| parent | 1d3fc9005f00927c19c291f33b5bfffdd81cad6e (diff) | |
- fix protection against session hijacking for IPv4; ti be done later for ipv6
git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | include/functions_session.inc.php | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 6d0f12a9b..411b374bf 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -94,13 +94,16 @@ function pwg_session_close() function get_remote_addr_session_hash() { - $separator = (FALSE === strpos($_SERVER['REMOTE_ADDR'],'.')) - ? ':' - : '.' - ; - - return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4); + if (strpos($_SERVER['REMOTE_ADDR'],':')===false) + {//ipv4 + return vsprintf( + "%02X%02X", + explode('.',$_SERVER['REMOTE_ADDR']) + ); + } + return ''; //ipv6 not yet } + /** * this function returns * a string corresponding to the value of the variable save in the session |